100% processor and disk-usage after windows-start, 2 dllhost etc

By rogerthat69
Jan 26, 2014
  1. Have a laptop. I am sole user. Comp was earlier hijacked. Processor-fan also disappeared, was overheated. Had it cleaned but nothing there. Then OS reinstalled. Fan worked again. But slowly things started to look worse again (1 month). Had 2 user-accounts on my own. I.e. Windows Firewall was often open to Remote control! Found 3 PUMs which could not be deleted (replaced). Fan stopped working again. Did a System Restore. Fan still not working but much better overall performance. Reduced processor-throttle (can not manage the fan) to reduce overheating but it keeps shutting down (95 degrees C). Ran aswMBR but found nothing. Ran Malwarebytes AntiMalware but nothing (both Fast and Full Scans). MBR-Virus? No more Firewall-problems after restoring it seems!

    Belarc shows a lot of security-problems, done SFC-scannow with repair done, done chkdisk with repair.

    Other Symptoms:

    After Log In a lot of "normal" processes start. But they occupy a lot of processor-power (100%) and disk-activity (100%) for about 5 min (10-20 Mb/sec). Then it goes down to normal but during a few minutes I can hardly do anything. Memory-hard errors also increase sometimes. Svchost.exe (LocalSystemNetwork-Restricted) is the process that takes up most of the disk-usage (100%). It looks like some kind of backup? Reading and reading almost everything (and in the end writing). Both Background and Normal processes with 100-500 ms response-times. Also Trusted Installer runs.

    Sometimes sudden close-down of computer but after rebooting there is no info about "unexpected close-down" as when overheating does the same!

    * Icons on desktop often disappear. But they are all reproduced in a minute.
    * RogueKiller shows 3 HP Desk PUMs. When deleted they are all replaced! (Log encl)
    * Have 2 Dllhost at start-up every time I look in TaskManager but both disappear in seconds. Both have long command-instructions.
    * Have 2 csrss.exe programs running with identical very long command-instructions, starts with Object dir =\Windows Shared Section.......
    * Can not disable Window Components (exe-program stalls)
    * On desktop there is a folder named "Shared" which is undeletable.
    * Mobsync.exe starts after booting. Had the file renamed. So no more problems!
    * Since Mobsync.exe was renamed my fan has been doing a slow come-back! Fan tries to start when there is very low processor-activity. Today it seems working fine!
    * Have a disk volume named \\?...hexadec.-name... . Don't know what it is!
    * I don't use IE since reinstalling OS (only once). Think it's compromised. Thought of uninstalling it but it doesn't work (see above)

    LOGS (4): (sorry about some Swedish language in logs (3), but nothing really to misunderstand I hope)

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databasversion: v2014.01.26.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Ägaren :: ÄGAREN-DATOR [administratör]

    2014-01-26 17:42:43
    mbam-log-2014-01-26 (17-42-43).txt

    Skanningstyp: Snabbskanning
    Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
    Inaktiverade skanningsalternativ: P2P
    Antal skannade objekt: 221226
    Förfluten tid: 6 minut(er), 4 sekund(er)

    Upptäckta minnesprocesser: 0
    (Inga skadliga poster hittades)

    Upptäckta minnesmoduler: 0
    (Inga skadliga poster hittades)

    Upptäckta registernycklar: 0
    (Inga skadliga poster hittades)

    Upptäckta registervärden: 0
    (Inga skadliga poster hittades)

    Upptäckta registerdataposter: 0
    (Inga skadliga poster hittades)

    Upptäckta mappar: 0
    (Inga skadliga poster hittades)

    Upptäckta filer: 0
    (Inga skadliga poster hittades)

    (klar)


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16526 BrowserJavaVersion: 10.45.2
    Run by Ägaren at 17:59:48 on 2014-01-26
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2046.1256 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Ägaren\Desktop\dds.scr
    C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\lavasoft\adaware securesearch toolbar\adawareDx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\lavasoft\adaware securesearch toolbar\adawareDx.dll
    uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: dontdisplaylastusername = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    TCP: NameServer = 83.255.245.11 193.150.193.150
    TCP: Interfaces\{7C28FB24-23FB-4DFF-9F5A-02C6CBD9B99D} : DHCPNameServer = 83.255.245.11 193.150.193.150
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1 om.symantec.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ägaren\appdata\roaming\mozilla\firefox\profiles\zmugow3t.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-4 208896]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
    R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2013-10-16 159840]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
    S3 NisSrv;Microsoft Nätverkskontroll;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
    S3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2013-12-29 4608]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
    .
    =============== Created Last 30 ================
    .
    2014-01-26 16:08:50 -------- d--h--w- c:\windows\PIF
    2014-01-25 19:32:04 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{adbecb68-8c3d-4771-bac3-253642915985}\mpengine.dll
    2014-01-24 18:59:03 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2014-01-23 17:28:45 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2014-01-23 17:28:45 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8c23d153-8ac1-4cbd-aaf1-7c9fb6aee1dc}\gapaengine.dll
    2014-01-21 15:20:15 -------- d-----w- c:\windows\CheckSur
    2014-01-18 12:50:52 -------- d-----r- C:\Sandbox
    2014-01-18 01:41:05 -------- d-----w- c:\program files\Sandboxie
    2014-01-15 11:03:00 -------- d-----w- c:\windows\Migration
    2014-01-09 21:45:49 -------- d-----w- C:\mbar
    2014-01-09 20:42:40 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-01-06 22:40:02 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
    2014-01-06 22:39:53 -------- d-----w- c:\program files\Notebook Hardware Control
    2014-01-04 14:58:14 -------- d-----w- c:\program files\Belarc
    2013-12-31 12:25:56 -------- d-----w- C:\getservices
    2013-12-29 15:07:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2013-12-29 14:54:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-29 14:54:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-12-29 14:39:39 -------- d-----w- c:\program files\RMClock
    2013-12-28 23:18:41 36864 ----a-w- c:\windows\system32\wshcon.dll
    2013-12-28 23:18:41 172032 ----a-w- c:\windows\system32\scrrun.dll
    2013-12-28 23:18:41 155648 ----a-w- c:\windows\system32\wscript.exe
    2013-12-28 23:18:41 135168 ----a-w- c:\windows\system32\cscript.exe
    2013-12-28 23:18:41 131072 ----a-w- c:\windows\system32\wshom.ocx
    2013-12-28 23:17:56 2050560 ----a-w- c:\windows\system32\win32k.sys
    2013-12-28 23:17:52 335360 ----a-w- c:\windows\system32\SysFxUI.dll
    2013-12-28 23:17:51 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
    2013-12-28 23:17:51 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
    2013-12-28 23:17:47 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-12-28 23:14:58 -------- d-----w- c:\program files\Microsoft Security Client
    2013-12-28 17:03:17 -------- d-----w- c:\program files\BillP Studios
    2013-12-28 09:37:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
    2013-12-28 09:37:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
    2013-12-28 09:37:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-12-27 23:28:29 -------- d-----w- c:\program files\SysInternals
    .
    ==================== Find3M ====================
    .
    2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
    2014-01-09 22:03:59 4608 ----a-w- c:\windows\system32\drivers\null.sys.bak
    2014-01-08 01:03:45 334720 ----a-w- c:\program files\RootkitRevealer.exe
    2013-12-30 08:09:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-12-30 08:09:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
    2013-11-14 22:43:24 1105408 ----a-w- c:\windows\system32\urlmon(634).dll
    2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet(747).dll
    2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-14 22:36:16 1796096 ----a-w- c:\windows\system32\iertutil(582).dll
    2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-11-10 04:35:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
    2013-09-20 13:30:30 475136 ----a-w- c:\program files\setup.exe
    2013-09-20 13:30:28 2260992 ----a-w- c:\program files\openoffice401.msi
    .
    ============= FINISH: 17:59:56,99 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2013-10-21 12:51:15
    System Uptime: 2014-01-26 15:45:34 (2 hours ago)
    .
    Motherboard: FUJITSU SIEMENS | | F40
    Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2101/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 195 GiB total, 139,631 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 38 GiB total, 37,482 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP111: 2013-12-27 20:13:12 - Återställningsåtgärd
    RP112: 2013-12-27 22:34:30 - Återställningsåtgärd
    RP113: 2013-12-27 23:06:39 - Återställningsåtgärd
    RP114: 2013-12-27 23:19:07 - Återställningsåtgärd
    RP115: 2013-12-27 23:37:13 - Återställningsåtgärd
    RP116: 2013-12-28 01:20:59 - Windows Update
    RP117: 2013-12-28 10:37:12 - Windows Update
    RP119: 2013-12-28 11:22:19 - Revo Uninstaller's restore point - Microsoft Security Essentials
    RP121: 2013-12-28 16:00:47 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
    RP122: 2013-12-29 13:01:25 - Windows Update
    RP123: 2013-12-30 13:04:58 - Windows Update
    RP124: 2014-01-02 23:17:51 - Windows Update
    RP125: 2014-01-05 01:02:20 - Windows Update
    RP126: 2014-01-08 00:51:42 - Efter anpassn av Schemalägg samt före borttag av appmngr/fil sa
    RP127: 2014-01-08 12:47:32 - Windows Update
    RP128: 2014-01-09 08:57:39 - Före körning av RoqueKiller och borttag av Recycle(19).Bin26/11
    RP129: 2014-01-12 17:20:08 - Windows Update
    RP131: 2014-01-12 18:43:38 - Revo Uninstaller's restore point - Prevx
    RP132: 2014-01-15 11:57:23 - Windows Update
    RP133: 2014-01-19 14:48:43 - Windows Update
    RP134: 2014-01-20 17:08:53 - Windows Update
    RP135: 2014-01-21 14:13:33 - Schemalagd kontrollpunkt
    RP136: 2014-01-21 15:08:27 - Installationsprogram för Windows-moduler
    RP137: 2014-01-21 15:46:55 - Före fix av Windows-funktioner
    RP138: 2014-01-21 16:19:47 - Windows Update
    RP139: 2014-01-24 18:23:24 - Schemalagd kontrollpunkt
    RP140: 2014-01-24 19:58:36 - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1 om.symantec.com
    Hosts: 127.0.0.1 ox-d.majorgeeks.com
    Hosts: 127.0.0.1 ads.bleepingcomputer.com
    Hosts: 127.0.0.1 wdcs.trendmicro.com
    .
    ==== Installed Programs ======================
    .
    Ad-Aware Security Add-on
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Belarc Advisor 8.4
    CCleaner
    Exterminate It!
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Matrix Storage Manager
    Java 7 Update 45
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 3.5 Language Pack SP1 - sve
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft .NET Framework 4.5.1 (SVE)
    Microsoft .NET Framework 4.5.1 (svenska)
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Motorola SM56 Speakerphone Modem
    Mozilla Firefox 26.0 (x86 sv-SE)
    Mozilla Maintenance Service
    NirSoft BlueScreenView
    Nitro PDF Reader 2
    Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
    NVIDIA Drivers
    OpenOffice 4.0.1
    PVSonyDll
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.95
    Sandboxie 4.06 (32-bit)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    WinPatrol
    .
    ==== End Of File ===========================

    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Safe mode
    User : Ägaren [Admin rights]
    Mode : Remove -- Date : 01/09/2014 20:40:44

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost #[IPv6]
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    Finished : << RKreport[0]_D_01092014_204044.txt >>
    RKreport[0]_S_01092014_203618.txt
  2. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  3. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Hello Broni,
    Many thanks for Your attention and help.
    Ran RogueKiller and as usual everything went fine until near the end, when at "reading MBR" the scan-window went gray and a few moments later it shut down. No logs were produced as far as I can see. But 4 PUMs were found + a "suspected path" for a "screensaver" (file/program?). I will re-run RogueKiller without the MBR-box crossed and post the log. Shall I try to run RogueKiller with the "debug"-version? Or rename RogueKiller?
  4. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    I didn't notice you posted RogueKiller log already.
    Go ahead with MBAR.
  5. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Ok Broni, but just for the record I re-ran RogueKiller without the MBR Scan. I also found hooks on 3 FirewallAPI.dll's. I guess the suspected path comes from the downloaded DDS.pif-file (I did not install that screensaver by the way).

    Here's the fresh log from RogueKiller:

    RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Ägaren [Admin rights]
    Mode : Scan -- Date : 01/27/2014 01:37:52
    | ARK || FAK |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\GAREN~1\Desktop\dds.scr [x]) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3613CB66)
    [Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3613CB66)
    [Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3613CB66)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost #[IPv6]
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    Finished : << RKreport[0]_S_01272014_013752.txt >>
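
Added example (not part of the original posts and not RogueKiller's own code): a parser for the report lines quoted in the two RogueKiller logs above. It lists registry findings that the 01/09 Remove run changed and the 01/27 Scan finds again, findings that are new, and inline hooks that share one target address. The regular expressions are assumptions derived only from the lines visible in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the two RogueKiller reports in this thread (raw strings,
# because the registry and file paths contain backslashes).
REPORT_JAN09 = r"""
Mode : Remove -- Date : 01/09/2014 20:40:44
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""

REPORT_JAN27 = r"""
Mode : Scan -- Date : 01/27/2014 01:37:52
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\GAREN~1\Desktop\dds.scr [x]) -> FOUND
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3613CB66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3613CB66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3613CB66)
"""

# Assumed line shapes, inferred from the report lines above.
MODE_RE = re.compile(r"^Mode\s*:\s*(?P<mode>\w+)\s+--\s+Date\s*:\s*(?P<date>.+)$")
REG_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\[(?P<tag>[^\]]+)\]\s+(?P<key>\S+)\s+:\s+"
    r"(?P<name>\S+)\s+\((?P<data>.*?)\)\s+->\s+(?P<status>.+)$"
)
HOOK_RE = re.compile(
    r"^\[(?P<method>\w+)\]\s+(?P<table>\w+)\s+@(?P<process>\S+)\s+"
    r"\((?P<export>\w+)\)\s+:\s+(?P<module>\S+)\s+->\s+HOOKED\s+"
    r"\((?P<owner>.+?)\s+@\s+(?P<addr>0x[0-9A-Fa-f]+)\)$"
)


def parse_report(text):
    """Split a report into its mode, registry findings and hook findings."""
    report = {"mode": None, "registry": [], "hooks": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            report["mode"] = m.group("mode")
            continue
        m = REG_RE.match(line)
        if m:
            report["registry"].append(m.groupdict())
            continue
        m = HOOK_RE.match(line)
        if m:
            report["hooks"].append(m.groupdict())
    return report


def _identity(finding):
    # A registry finding is identified by its (elided) key path and value name.
    return (finding["key"], finding["name"])


def reappeared(earlier, later):
    """Findings the earlier run changed (status other than FOUND) that the later run finds again."""
    changed = {_identity(f) for f in earlier["registry"]
               if not f["status"].startswith("FOUND")}
    return [f for f in later["registry"]
            if f["status"].startswith("FOUND") and _identity(f) in changed]


def new_findings(earlier, later):
    """Findings in the later report that the earlier report did not list at all."""
    seen = {_identity(f) for f in earlier["registry"]}
    return [f for f in later["registry"] if _identity(f) not in seen]


def hooks_by_target(report):
    """Group hooked exports by (process, module, target address)."""
    groups = defaultdict(list)
    for h in report["hooks"]:
        groups[(h["process"], h["module"], h["addr"])].append(h["export"])
    return {target: sorted(exports) for target, exports in groups.items()}


if __name__ == "__main__":
    jan09, jan27 = parse_report(REPORT_JAN09), parse_report(REPORT_JAN27)
    for f in reappeared(jan09, jan27):
        print("found again:", f["kind"], f["key"], f["name"])
    for f in new_findings(jan09, jan27):
        print("new:", f["kind"], f["name"], "->", f["data"])
    for target, exports in hooks_by_target(jan27).items():
        print("hooks:", target, exports)
```

On the thread's data this lists the four HJ DESK values as found again after the Remove run, one new SCRNSAVE.EXE entry pointing at dds.scr on the Desktop, and three FirewallAPI.dll exports in explorer.exe sharing a single target address.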
  6. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    MBAR; Log (clean log)

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.01.27.01

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Ägaren :: ÄGAREN-DATOR [administrator]

    2014-01-27 02:02:26
    mbar-log-2014-01-27 (02-02-26).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 224114
    Time elapsed: 7 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 2145067008, free: 1235144704

    Downloaded database version: v2014.01.27.01
    Downloaded database version: v2013.12.18.01
    =======================================
    ------------ Kernel report ------------
    01/27/2014 02:02:21
    ------------ Loaded modules -----------
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Program Files\Sandboxie\SbieDrv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \??\C:\Windows\system32\TrueSight.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff876e0ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\RobsonImd-0\
    Lower Device Object: 0xffffffff84e48028
    Lower Device Driver Name: \Driver\iaNvStor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff875dd9e0
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xffffffff84e28030
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff875dd9e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff875dd488, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
    DevicePointer: 0xffffffff875dd600, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff875dd9e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff84e226b8, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff84e28030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C92722F4

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 409600000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409602048 Numsec = 78790656

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250059350016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff876e0ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff875dd120, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
    DevicePointer: 0xffffffff876e07b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff876e0ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff84e48028, DeviceName: \Device\Ide\RobsonImd-0\, DriverName: \Driver\iaNvStor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 61F6E521

    Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 1049809

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 538583040 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
  7. Broni

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  8. rogerthat69

    Noticed some "DevicePointers" from MBAR Diskscan without name-ref: (from log)

    ***********************
    DevicePointer: 0xffffffff875dd120, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
    DevicePointer: 0xffffffff876e07b0, DeviceName: Unknown, DriverName: \Driver\partmgr\

    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0

    ************************
  9. rogerthat69

    TDS Log Part 1 (nothing found);

    02:31:31.0963 0x03ac TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
    02:31:38.0469 0x03ac ============================================================
    02:31:38.0469 0x03ac Current date / time: 2014/01/27 02:31:38.0469
    02:31:38.0469 0x03ac SystemInfo:
    02:31:38.0469 0x03ac
    02:31:38.0469 0x03ac OS Version: 6.0.6002 ServicePack: 2.0
    02:31:38.0469 0x03ac Product type: Workstation
    02:31:38.0469 0x03ac ComputerName: ÄGAREN-DATOR
    02:31:38.0469 0x03ac UserName: Ägaren
    02:31:38.0469 0x03ac Windows directory: C:\Windows
    02:31:38.0469 0x03ac System windows directory: C:\Windows
    02:31:38.0469 0x03ac Processor architecture: Intel x86
    02:31:38.0469 0x03ac Number of processors: 2
    02:31:38.0469 0x03ac Page size: 0x1000
    02:31:38.0469 0x03ac Boot type: Normal boot
    02:31:38.0469 0x03ac ============================================================
    02:31:41.0214 0x03ac KLMD registered as C:\Windows\system32\drivers\03674270.sys
    02:31:41.0542 0x03ac System UUID: {A03B0DB9-2FFD-818C-37B2-600D67035ED3}
    02:31:42.0712 0x03ac Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    02:31:42.0712 0x03ac ============================================================
    02:31:42.0712 0x03ac \Device\Harddisk0\DR0:
    02:31:42.0712 0x03ac MBR partitions:
    02:31:42.0712 0x03ac \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x186A0000
    02:31:42.0712 0x03ac \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x4B24000
    02:31:42.0712 0x03ac ============================================================
    02:31:42.0712 0x03ac C: <-> \Device\Harddisk0\DR0\Partition1
    02:31:42.0759 0x03ac E: <-> \Device\Harddisk0\DR0\Partition2
    02:31:42.0759 0x03ac ============================================================
    02:31:42.0759 0x03ac Initialize success
    02:31:42.0759 0x03ac ============================================================
    02:31:46.0035 0x08c0 ============================================================
    02:31:46.0035 0x08c0 Scan started
    02:31:46.0035 0x08c0 Mode: Manual;
    02:31:46.0035 0x08c0 ============================================================
    02:31:46.0035 0x08c0 KSN ping started
    02:31:59.0794 0x08c0 KSN ping finished: true
    02:32:00.0402 0x08c0 ================ Scan system memory ========================
    02:32:00.0402 0x08c0 System memory - ok
    02:32:00.0402 0x08c0 ================ Scan services =============================
    02:32:04.0599 0x08c0 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
    02:32:04.0599 0x08c0 intelide - ok
    02:32:04.0599 0x08c0 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    02:32:04.0614 0x08c0 intelppm - ok
    02:32:04.0677 0x08c0 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    02:32:04.0677 0x08c0 IPBusEnum - ok
    02:32:04.0708 0x08c0 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    02:32:04.0708 0x08c0 IpFilterDriver - ok
    02:32:04.0723 0x08c0 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    02:32:04.0739 0x08c0 iphlpsvc - ok
    02:32:04.0755 0x08c0 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    02:32:04.0755 0x08c0 IPMIDRV - ok
    02:32:04.0770 0x08c0 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    02:32:04.0770 0x08c0 IPNAT - ok
    02:32:04.0770 0x08c0 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    02:32:04.0770 0x08c0 IRENUM - ok
    02:32:04.0801 0x08c0 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    02:32:04.0801 0x08c0 isapnp - ok
    02:32:04.0817 0x08c0 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    02:32:04.0817 0x08c0 iScsiPrt - ok
    02:32:04.0833 0x08c0 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    02:32:04.0833 0x08c0 iteatapi - ok
    02:32:04.0848 0x08c0 [ E4B04A0D8B237ECF026D849439F1BCCE, 9ED1958C66E8045FD746344CA4AF46BFE7FC77006BF5E8B9EA5C22504F3DA9AC ] itecir C:\Windows\system32\DRIVERS\itecir.sys
    02:32:04.0848 0x08c0 itecir - ok
    02:32:04.0864 0x08c0 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
    02:32:04.0864 0x08c0 iteraid - ok
    02:32:04.0879 0x08c0 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    02:32:04.0879 0x08c0 kbdclass - ok
    02:32:04.0895 0x08c0 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    02:32:04.0895 0x08c0 kbdhid - ok
    02:32:04.0895 0x08c0 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
    02:32:04.0895 0x08c0 KeyIso - ok
    02:32:04.0942 0x08c0 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    02:32:04.0957 0x08c0 KSecDD - ok
    02:32:05.0004 0x08c0 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
    02:32:05.0020 0x08c0 KtmRm - ok
    02:32:05.0035 0x08c0 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
    02:32:05.0051 0x08c0 LanmanServer - ok
    02:32:05.0067 0x08c0 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    02:32:05.0082 0x08c0 LanmanWorkstation - ok
    02:32:05.0098 0x08c0 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    02:32:05.0098 0x08c0 lltdio - ok
    02:32:05.0113 0x08c0 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    02:32:05.0145 0x08c0 lltdsvc - ok
    02:32:05.0145 0x08c0 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
    02:32:05.0145 0x08c0 lmhosts - ok
    02:32:05.0176 0x08c0 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    02:32:05.0176 0x08c0 LSI_FC - ok
    02:32:05.0191 0x08c0 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    02:32:05.0191 0x08c0 LSI_SAS - ok
    02:32:05.0207 0x08c0 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    02:32:05.0223 0x08c0 LSI_SCSI - ok
    02:32:05.0223 0x08c0 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
    02:32:05.0238 0x08c0 luafv - ok
    02:32:05.0254 0x08c0 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    02:32:05.0254 0x08c0 Mcx2Svc - ok
    02:32:05.0285 0x08c0 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
    02:32:05.0285 0x08c0 megasas - ok
    02:32:05.0316 0x08c0 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    02:32:05.0316 0x08c0 MegaSR - ok
    02:32:05.0332 0x08c0 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
    02:32:05.0332 0x08c0 MMCSS - ok
    02:32:05.0347 0x08c0 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
    02:32:05.0347 0x08c0 Modem - ok
    02:32:05.0363 0x08c0 [ CBB59C41F19EFEA1A000793E08070A62, 4C3C01210DF9D00C05FA14FF5CEFB60C444CAEBFF3F49409EDE434D63F19B9F2 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
    02:32:05.0363 0x08c0 MODEMCSA - ok
    02:32:05.0394 0x08c0 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    02:32:05.0410 0x08c0 monitor - ok
    02:32:05.0410 0x08c0 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    02:32:05.0410 0x08c0 mouclass - ok
    02:32:05.0425 0x08c0 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    02:32:05.0425 0x08c0 mouhid - ok
    02:32:05.0441 0x08c0 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    02:32:05.0457 0x08c0 MountMgr - ok
    02:32:05.0472 0x08c0 [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    02:32:05.0472 0x08c0 MozillaMaintenance - ok
    02:32:05.0503 0x08c0 [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    02:32:05.0503 0x08c0 MpFilter - ok
    02:32:05.0581 0x08c0 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
    02:32:05.0597 0x08c0 mpio - ok
    02:32:05.0597 0x08c0 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    02:32:05.0597 0x08c0 mpsdrv - ok
    02:32:05.0628 0x08c0 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
    02:32:05.0659 0x08c0 MpsSvc - ok
    02:32:05.0675 0x08c0 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    02:32:05.0675 0x08c0 Mraid35x - ok
    02:32:05.0722 0x08c0 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    02:32:05.0722 0x08c0 MRxDAV - ok
    02:32:05.0737 0x08c0 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    02:32:05.0737 0x08c0 mrxsmb - ok
    02:32:05.0753 0x08c0 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    02:32:05.0769 0x08c0 mrxsmb10 - ok
    02:32:05.0784 0x08c0 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    02:32:05.0784 0x08c0 mrxsmb20 - ok
    02:32:05.0784 0x08c0 [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci C:\Windows\system32\drivers\msahci.sys
    02:32:05.0800 0x08c0 msahci - ok
    02:32:05.0800 0x08c0 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    02:32:05.0800 0x08c0 msdsm - ok
    02:32:05.0831 0x08c0 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
    02:32:05.0847 0x08c0 MSDTC - ok
    02:32:05.0862 0x08c0 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    02:32:05.0862 0x08c0 Msfs - ok
    02:32:05.0862 0x08c0 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    02:32:05.0862 0x08c0 msisadrv - ok
    02:32:05.0893 0x08c0 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    02:32:05.0893 0x08c0 MSiSCSI - ok
    02:32:05.0909 0x08c0 msiserver - ok
    02:32:05.0925 0x08c0 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    02:32:05.0925 0x08c0 MSKSSRV - ok
    02:32:05.0940 0x08c0 [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    02:32:05.0940 0x08c0 MsMpSvc - ok
    02:32:05.0940 0x08c0 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    02:32:05.0956 0x08c0 MSPCLOCK - ok
    02:32:05.0956 0x08c0 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    02:32:05.0956 0x08c0 MSPQM - ok
    02:32:05.0971 0x08c0 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    02:32:05.0987 0x08c0 MsRPC - ok
    02:32:05.0987 0x08c0 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    02:32:05.0987 0x08c0 mssmbios - ok
    02:32:06.0003 0x08c0 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    02:32:06.0003 0x08c0 MSTEE - ok
    02:32:06.0018 0x08c0 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
    02:32:06.0018 0x08c0 Mup - ok
    02:32:06.0065 0x08c0 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
    02:32:06.0081 0x08c0 napagent - ok
    02:32:06.0127 0x08c0 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    02:32:06.0143 0x08c0 NativeWifiP - ok
    02:32:06.0174 0x08c0 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
    02:32:06.0190 0x08c0 NDIS - ok
    02:32:06.0205 0x08c0 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    02:32:06.0205 0x08c0 NdisTapi - ok
    02:32:06.0221 0x08c0 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    02:32:06.0221 0x08c0 Ndisuio - ok
    02:32:06.0237 0x08c0 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    02:32:06.0237 0x08c0 NdisWan - ok
    02:32:06.0252 0x08c0 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    02:32:06.0252 0x08c0 NDProxy - ok
    02:32:06.0268 0x08c0 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    02:32:06.0268 0x08c0 NetBIOS - ok
    02:32:06.0283 0x08c0 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    02:32:06.0299 0x08c0 netbt - ok
    02:32:06.0299 0x08c0 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
    02:32:06.0299 0x08c0 Netlogon - ok
    02:32:06.0330 0x08c0 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
    02:32:06.0346 0x08c0 Netman - ok
  10. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    TDS Log Part 2:


    02:32:10.0449 0x08c0 Serial - ok
    02:32:10.0449 0x08c0 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    02:32:10.0449 0x08c0 sermouse - ok
    02:32:10.0480 0x08c0 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
    02:32:10.0480 0x08c0 SessionEnv - ok
    02:32:10.0495 0x08c0 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    02:32:10.0495 0x08c0 sffdisk - ok
    02:32:10.0511 0x08c0 [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    02:32:10.0511 0x08c0 sffp_mmc - ok
    02:32:10.0511 0x08c0 [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    02:32:10.0511 0x08c0 sffp_sd - ok
    02:32:10.0527 0x08c0 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    02:32:10.0527 0x08c0 sfloppy - ok
    02:32:10.0542 0x08c0 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    02:32:10.0558 0x08c0 SharedAccess - ok
    02:32:10.0589 0x08c0 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    02:32:10.0605 0x08c0 ShellHWDetection - ok
    02:32:10.0636 0x08c0 [ 93BEACC3815A4653A655C8BD7622FF63, 511DBFCE8DA6876BD062216EBA168F47A84F439C201885987A170783D4FEB197 ] Si3531 C:\Windows\system32\DRIVERS\Si3531.sys
    02:32:10.0651 0x08c0 Si3531 - ok
    02:32:10.0667 0x08c0 [ 165448BC832D424B97270C8D1276E24A, B6D69505835DB78F45D347D60438DB5B8F61F20085C8D0051E8B383DF0A11168 ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
    02:32:10.0667 0x08c0 SiFilter - ok
    02:32:10.0683 0x08c0 [ 9BE8EA3A8C7E6D47E710F6FA14B7442B, E6C2CDB148A361C558C54B3BB1850858FA3ABBD4FD3A9269B4C1D1BAD5991F4A ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
    02:32:10.0683 0x08c0 SiRemFil - ok
    02:32:10.0698 0x08c0 [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    02:32:10.0698 0x08c0 sisagp - ok
    02:32:10.0714 0x08c0 [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    02:32:10.0714 0x08c0 SiSRaid2 - ok
    02:32:10.0729 0x08c0 [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    02:32:10.0729 0x08c0 SiSRaid4 - ok
    02:32:10.0948 0x08c0 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe
    02:32:11.0073 0x08c0 slsvc - ok
    02:32:11.0135 0x08c0 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
    02:32:11.0135 0x08c0 SLUINotify - ok
    02:32:11.0151 0x08c0 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
    02:32:11.0151 0x08c0 Smb - ok
    02:32:11.0213 0x08c0 [ 859E3ADC59D1C89A66AA6492C14D379E, 392F0AC179294F8416B2937EE149DE9C1062A757F6686B4AF3F3984A68D2929D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
    02:32:11.0260 0x08c0 smserial - ok
    02:32:11.0275 0x08c0 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    02:32:11.0275 0x08c0 SNMPTRAP - ok
    02:32:11.0291 0x08c0 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
    02:32:11.0291 0x08c0 spldr - ok
    02:32:11.0307 0x08c0 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe
    02:32:11.0307 0x08c0 Spooler - ok
    02:32:11.0338 0x08c0 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys
    02:32:11.0338 0x08c0 srv - ok
    02:32:11.0353 0x08c0 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    02:32:11.0369 0x08c0 srv2 - ok
    02:32:11.0385 0x08c0 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    02:32:11.0385 0x08c0 srvnet - ok
    02:32:11.0431 0x08c0 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    02:32:11.0447 0x08c0 SSDPSRV - ok
    02:32:11.0463 0x08c0 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
    02:32:11.0463 0x08c0 SstpSvc - ok
    02:32:11.0525 0x08c0 [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll
    02:32:11.0541 0x08c0 stisvc - ok
    02:32:11.0556 0x08c0 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    02:32:11.0556 0x08c0 swenum - ok
    02:32:11.0572 0x08c0 [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll
    02:32:11.0587 0x08c0 swprv - ok
    02:32:11.0619 0x08c0 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    02:32:11.0619 0x08c0 Symc8xx - ok
    02:32:11.0634 0x08c0 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    02:32:11.0634 0x08c0 Sym_hi - ok
    02:32:11.0665 0x08c0 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    02:32:11.0665 0x08c0 Sym_u3 - ok
    02:32:11.0712 0x08c0 [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll
    02:32:11.0728 0x08c0 SysMain - ok
    02:32:11.0759 0x08c0 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
    02:32:11.0759 0x08c0 TabletInputService - ok
    02:32:11.0806 0x08c0 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll
    02:32:11.0806 0x08c0 TapiSrv - ok
    02:32:11.0821 0x08c0 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
    02:32:11.0821 0x08c0 TBS - ok
    02:32:11.0899 0x08c0 [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    02:32:11.0915 0x08c0 Tcpip - ok
    02:32:11.0977 0x08c0 [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    02:32:12.0009 0x08c0 Tcpip6 - ok
    02:32:12.0040 0x08c0 [ 5877A786EF27E42C4E84D1356F922302, 1CDCC7D91086DC0FE80057EE8E1AE609A38DD9D241BC17145E7811C916E662C3 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    02:32:12.0040 0x08c0 tcpipreg - ok
    02:32:12.0071 0x08c0 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    02:32:12.0071 0x08c0 TDPIPE - ok
    02:32:12.0087 0x08c0 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    02:32:12.0087 0x08c0 TDTCP - ok
    02:32:12.0087 0x08c0 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    02:32:12.0102 0x08c0 tdx - ok
    02:32:12.0102 0x08c0 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    02:32:12.0102 0x08c0 TermDD - ok
    02:32:12.0149 0x08c0 [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService C:\Windows\System32\termsrv.dll
    02:32:12.0165 0x08c0 TermService - ok
    02:32:12.0211 0x08c0 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll
    02:32:12.0227 0x08c0 Themes - ok
    02:32:12.0227 0x08c0 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
    02:32:12.0227 0x08c0 THREADORDER - ok
    02:32:12.0258 0x08c0 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
    02:32:12.0258 0x08c0 TrkWks - ok
    02:32:12.0289 0x08c0 [ 91B6DFBA0FD7D0F4836FB711D1B5D81C, 5EC7D7FC05306927B025DE557F104A511470FAFC6359783C27246530966A100A ] TrueSight C:\Windows\system32\TrueSight.sys
    02:32:12.0399 0x08c0 TrueSight - ok
    02:32:12.0414 0x08c0 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    02:32:12.0414 0x08c0 TrustedInstaller - ok
    02:32:12.0430 0x08c0 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    02:32:12.0445 0x08c0 tssecsrv - ok
    02:32:12.0445 0x08c0 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    02:32:12.0445 0x08c0 tunmp - ok
    02:32:12.0461 0x08c0 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    02:32:12.0461 0x08c0 tunnel - ok
    02:32:12.0477 0x08c0 [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    02:32:12.0492 0x08c0 uagp35 - ok
    02:32:12.0523 0x08c0 [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    02:32:12.0523 0x08c0 udfs - ok
    02:32:12.0539 0x08c0 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    02:32:12.0555 0x08c0 UI0Detect - ok
    02:32:12.0586 0x08c0 [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    02:32:12.0586 0x08c0 uliagpkx - ok
    02:32:12.0617 0x08c0 [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys
    02:32:12.0617 0x08c0 uliahci - ok
    02:32:12.0633 0x08c0 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
    02:32:12.0633 0x08c0 UlSata - ok
    02:32:12.0648 0x08c0 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    02:32:12.0664 0x08c0 ulsata2 - ok
    02:32:12.0664 0x08c0 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    02:32:12.0664 0x08c0 umbus - ok
    02:32:12.0679 0x08c0 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
    02:32:12.0695 0x08c0 upnphost - ok
    02:32:12.0711 0x08c0 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    02:32:12.0711 0x08c0 usbccgp - ok
    02:32:12.0742 0x08c0 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    02:32:12.0742 0x08c0 usbcir - ok
    02:32:12.0742 0x08c0 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    02:32:12.0757 0x08c0 usbehci - ok
    02:32:12.0773 0x08c0 [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    02:32:12.0773 0x08c0 usbhub - ok
    02:32:12.0789 0x08c0 [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci C:\Windows\system32\drivers\usbohci.sys
    02:32:12.0789 0x08c0 usbohci - ok
    02:32:12.0804 0x08c0 [ B51E52ACF758BE00EF3A58EA452FE360, 79E629EC5DE8AB7F31B0EE9AE94C71E8F703FED5C09A816228726974F7790C85 ] usbprint C:\Windows\system32\drivers\usbprint.sys
    02:32:12.0804 0x08c0 usbprint - ok
    02:32:12.0820 0x08c0 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    02:32:12.0820 0x08c0 USBSTOR - ok
    02:32:12.0835 0x08c0 [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    02:32:12.0835 0x08c0 usbuhci - ok
    02:32:12.0851 0x08c0 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll
    02:32:12.0851 0x08c0 UxSms - ok
    02:32:12.0898 0x08c0 [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe
    02:32:12.0913 0x08c0 vds - ok
    02:32:12.0929 0x08c0 [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    02:32:12.0929 0x08c0 vga - ok
    02:32:12.0929 0x08c0 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
    02:32:12.0929 0x08c0 VgaSave - ok
    02:32:12.0945 0x08c0 [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys
    02:32:12.0945 0x08c0 viaagp - ok
    02:32:12.0960 0x08c0 [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    02:32:12.0960 0x08c0 ViaC7 - ok
    02:32:12.0991 0x08c0 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys
    02:32:12.0991 0x08c0 viaide - ok
    02:32:12.0991 0x08c0 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    02:32:13.0007 0x08c0 volmgr - ok
    02:32:13.0023 0x08c0 [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    02:32:13.0038 0x08c0 volmgrx - ok
    02:32:13.0054 0x08c0 [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    02:32:13.0069 0x08c0 volsnap - ok
    02:32:13.0085 0x08c0 [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    02:32:13.0085 0x08c0 vsmraid - ok
    02:32:13.0163 0x08c0 [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe
    02:32:13.0210 0x08c0 VSS - ok
    02:32:13.0241 0x08c0 [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time C:\Windows\system32\w32time.dll
    02:32:13.0257 0x08c0 W32Time - ok
    02:32:13.0272 0x08c0 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    02:32:13.0288 0x08c0 WacomPen - ok
    02:32:13.0288 0x08c0 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    02:32:13.0288 0x08c0 Wanarp - ok
    02:32:13.0303 0x08c0 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    02:32:13.0303 0x08c0 Wanarpv6 - ok
    02:32:13.0350 0x08c0 [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    02:32:13.0366 0x08c0 wcncsvc - ok
    02:32:13.0397 0x08c0 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    02:32:13.0413 0x08c0 WcsPlugInService - ok
    02:32:13.0413 0x08c0 [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys
    02:32:13.0413 0x08c0 Wd - ok
    02:32:13.0475 0x08c0 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    02:32:13.0491 0x08c0 Wdf01000 - ok
    02:32:13.0506 0x08c0 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
    02:32:13.0506 0x08c0 WdiServiceHost - ok
    02:32:13.0522 0x08c0 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
    02:32:13.0522 0x08c0 WdiSystemHost - ok
    02:32:13.0553 0x08c0 [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll
    02:32:13.0569 0x08c0 WebClient - ok
    02:32:13.0584 0x08c0 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
    02:32:13.0600 0x08c0 Wecsvc - ok
    02:32:13.0615 0x08c0 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
    02:32:13.0615 0x08c0 wercplsupport - ok
    02:32:13.0631 0x08c0 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll
    02:32:13.0631 0x08c0 WerSvc - ok
    02:32:13.0662 0x08c0 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    02:32:13.0693 0x08c0 WinDefend - ok
    02:32:13.0693 0x08c0 WinHttpAutoProxySvc - ok
    02:32:13.0740 0x08c0 [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    02:32:13.0756 0x08c0 Winmgmt - ok
    02:32:13.0834 0x08c0 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
    02:32:13.0881 0x08c0 WinRM - ok
    02:32:13.0943 0x08c0 [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll
    02:32:13.0959 0x08c0 Wlansvc - ok
    02:32:13.0974 0x08c0 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    02:32:13.0974 0x08c0 WmiAcpi - ok
    02:32:14.0005 0x08c0 [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    02:32:14.0005 0x08c0 wmiApSrv - ok
    02:32:14.0083 0x08c0 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    02:32:14.0099 0x08c0 WMPNetworkSvc - ok
    02:32:14.0146 0x08c0 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    02:32:14.0146 0x08c0 WPCSvc - ok
    02:32:14.0177 0x08c0 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    02:32:14.0193 0x08c0 WPDBusEnum - ok
    02:32:14.0271 0x08c0 [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    02:32:14.0317 0x08c0 WPFFontCache_v0400 - ok
    02:32:14.0364 0x08c0 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    02:32:14.0364 0x08c0 ws2ifsl - ok
    02:32:14.0380 0x08c0 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\System32\wscsvc.dll
    02:32:14.0380 0x08c0 wscsvc - ok
    02:32:14.0395 0x08c0 WSearch - ok
    02:32:14.0536 0x08c0 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
    02:32:14.0614 0x08c0 wuauserv - ok
    02:32:14.0707 0x08c0 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    02:32:14.0707 0x08c0 WudfPf - ok
    02:32:14.0739 0x08c0 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    02:32:14.0739 0x08c0 WUDFRd - ok
    02:32:14.0785 0x08c0 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    02:32:14.0785 0x08c0 wudfsvc - ok
    02:32:14.0801 0x08c0 ================ Scan global ===============================
    02:32:14.0817 0x08c0 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
    02:32:14.0848 0x08c0 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    02:32:14.0895 0x08c0 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    02:32:14.0926 0x08c0 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
    02:32:14.0941 0x08c0 [ Global ] - ok
    02:32:14.0941 0x08c0 ================ Scan MBR ==================================
    02:32:14.0973 0x08c0 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    02:32:15.0129 0x08c0 \Device\Harddisk0\DR0 - ok
    02:32:15.0129 0x08c0 ================ Scan VBR ==================================
    02:32:15.0144 0x08c0 [ 723348ADAE42CE8696CFDCFD60D5F04D ] \Device\Harddisk0\DR0\Partition1
    02:32:15.0144 0x08c0 \Device\Harddisk0\DR0\Partition1 - ok
    02:32:15.0144 0x08c0 [ 302F454158EEDED4D901418B84578D08 ] \Device\Harddisk0\DR0\Partition2
    02:32:15.0144 0x08c0 \Device\Harddisk0\DR0\Partition2 - ok
    02:32:15.0144 0x08c0 Waiting for KSN requests completion. In queue: 279
    02:32:16.0158 0x08c0 Waiting for KSN requests completion. In queue: 279
    02:32:17.0172 0x08c0 Waiting for KSN requests completion. In queue: 279
    02:32:18.0311 0x08c0 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
    02:32:18.0358 0x08c0 Win FW state via NFP2: enabled
    02:32:21.0135 0x08c0 ============================================================
    02:32:21.0135 0x08c0 Scan finished
    02:32:21.0135 0x08c0 ============================================================
    02:32:21.0135 0x0ff0 Detected object count: 0
    02:32:21.0135 0x0ff0 Actual detected object count: 0
  11. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  12. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Combofix-LOG: (part 1)

    Infected file (a copy!): ntdll.dll was disinfected and replaced

    Other deletions: wininit.ini and setup.exe

    What about the "locked registry keys" JAVA plug-ins? A lot of them!

    After reboot I could not open/start my Firefox in Sandbox-mode! Error code 1018
    which says the registry key is marked for deletion? Combofix?

    ************************************************************


    ComboFix 14-01-27.02 - Ägaren 2014-01-27 20:20:55.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2046.1345 [GMT 1:00]
    Körs från: c:\users\-garen\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Setup.exe
    c:\windows\wininit.ini
    .
    En infekterad kopia av c:\windows\system32\ntdll.dll hittades och desinficerades.
    Återställd kopia från - c:\windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.23154_none_5b14cd6b1296a32b\ntdll.dll
    .
    .
    (((((((((((((((((((((((( Filer skapade från 2013-12-27 till 2014-01-27 ))))))))))))))))))))))))))))))
    .
    .
    2014-01-27 19:25 . 2014-01-27 19:26 -------- d-----w- c:\users\Ägaren\AppData\Local\temp
    2014-01-27 19:25 . 2014-01-27 19:25 -------- d-----w- c:\users\Yxan\AppData\Local\temp
    2014-01-27 19:25 . 2014-01-27 19:25 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-01-27 19:25 . 2014-01-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-01-27 01:12 . 2013-12-03 17:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E496060-759B-4BB4-9115-FF354F329E9B}\mpengine.dll
    2014-01-27 01:02 . 2014-01-27 01:02 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-01-27 00:59 . 2014-01-27 01:10 -------- d-----w- c:\program files\mbar
    2014-01-26 23:45 . 2014-01-27 00:34 26624 ----a-w- c:\windows\system32\TrueSight.sys
    2014-01-26 17:04 . 2013-12-03 17:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-01-26 16:08 . 2014-01-26 16:08 -------- d--h--w- c:\windows\PIF
    2014-01-23 17:28 . 2013-12-28 23:19 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-01-23 17:28 . 2013-12-28 23:19 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C23D153-8AC1-4CBD-AAF1-7C9FB6AEE1DC}\gapaengine.dll
    2014-01-21 15:20 . 2014-01-21 15:20 -------- d-----w- c:\windows\CheckSur
    2014-01-18 12:50 . 2014-01-18 12:50 -------- d-----r- C:\Sandbox
    2014-01-18 01:41 . 2014-01-18 01:41 -------- d-----w- c:\program files\Sandboxie
    2014-01-15 11:03 . 2014-01-15 11:03 -------- d-----w- c:\windows\Migration
    2014-01-09 21:45 . 2014-01-09 22:20 -------- d-----w- C:\mbar
    2014-01-09 20:42 . 2014-01-27 00:59 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-01-08 23:02 . 2014-01-08 23:02 -------- d-----w- c:\users\Ägaren\AppData\Local\adawarebp
    2014-01-06 22:40 . 2014-01-06 22:40 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
    2014-01-06 22:39 . 2014-01-06 22:39 -------- d-----w- c:\program files\Notebook Hardware Control
    2014-01-04 14:58 . 2014-01-04 14:58 -------- d-----w- c:\program files\Belarc
    2013-12-31 12:25 . 2013-12-31 12:25 -------- d-----w- C:\getservices
    2013-12-30 08:08 . 2013-12-30 08:09 -------- d-----w- c:\users\Ägaren\AppData\Local\Adobe
    2013-12-29 15:07 . 2013-12-29 15:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2013-12-29 14:54 . 2013-12-29 14:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-12-29 14:54 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-29 14:39 . 2013-12-29 14:39 -------- d-----w- c:\program files\RMClock
    2013-12-28 23:18 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
    2013-12-28 23:18 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
    2013-12-28 23:18 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
    2013-12-28 23:18 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
    2013-12-28 23:18 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
    2013-12-28 23:17 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
    2013-12-28 23:17 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
    2013-12-28 23:17 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
    2013-12-28 23:17 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
    2013-12-28 23:17 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-12-28 23:14 . 2013-12-28 23:15 -------- d-----w- c:\program files\Microsoft Security Client
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-19 07:32 . 2013-10-21 16:01 231584 ------w- c:\windows\system32\MpSigStub.exe
    2014-01-09 22:03 . 2014-01-09 22:03 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys.bak
    2014-01-08 01:03 . 2006-11-01 12:07 334720 ----a-w- c:\program files\RootkitRevealer.exe
    2013-12-30 08:09 . 2013-10-24 09:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-12-30 08:09 . 2013-10-24 09:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-11-14 22:50 . 2013-12-28 09:38 1806848 ----a-w- c:\windows\system32\jscript9.dll
    2013-11-14 22:43 . 2013-12-12 00:27 1105408 ----a-w- c:\windows\system32\urlmon(634).dll
    2013-11-14 22:42 . 2013-12-12 00:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-11-14 22:42 . 2013-12-12 00:27 1129472 ----a-w- c:\windows\system32\wininet(747).dll
    2013-11-14 22:42 . 2013-12-28 09:37 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-11-14 22:38 . 2013-12-28 09:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-11-14 22:38 . 2013-12-28 09:38 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-14 22:36 . 2013-12-12 00:27 1796096 ----a-w- c:\windows\system32\iertutil(582).dll
    2013-11-14 22:35 . 2013-12-28 09:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-11-12 17:43 . 2013-11-12 16:06 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2013-11-10 04:35 . 2013-11-10 04:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
    2013-09-20 13:30 . 2013-09-20 13:30 2260992 ----a-w- c:\program files\openoffice401.msi
    .
    .
    (((((((((((((((((((((((((((((((((( Startpunkter I registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2013-11-27 21:34 116248 ----a-w- c:\program files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll" [2013-11-27 116248]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-12-10 455744]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 543432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-09-01 01:10 13797992 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-09-01 01:10 92776 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    2009-09-01 01:10 768616 ----a-w- c:\windows\System32\nvsvc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-10 21:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-05-07 15:51 1826816 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2009-10-26 13:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-10 21:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Extra genomsökning -------
    .
    uStart Page = about:blank
    TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
    FF - ProfilePath - c:\users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\zmugow3t.default\
    FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-01-27 20:26
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.0_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.0_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.0_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_14"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_14"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_15"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_15"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_16"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_16"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_17"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_17"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_18"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_18"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_19"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_19"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_20"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_20"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_21"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_21"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.0_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.1_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_14"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_14"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_15"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_15"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_16"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.4.2_16"
    .
  13. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Combofix-Log: (part 2)

    (near end it says in Swedish "Andra processer som körs" = Other processes running)...(part 3)

    ...continuing.....

    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_50"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_51"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_51"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_51"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_52"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_52"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_52"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_53"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_53"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_53"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_54"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_54"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_54"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_55"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_55"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0_55"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.5.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_14"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_14"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_14"
    .
  14. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Combofix: (part 3)


    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_56"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_56"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_56"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_57"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_57"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_57"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_58"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_58"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_58"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_59"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_59"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_59"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_60"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_60"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_60"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_61"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_61"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_61"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_62"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_62"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_62"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_63"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_63"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_63"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_64"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_64"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_64"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_65"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_65"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_65"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_01"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_02"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_03"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_04"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_05"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_06"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_07"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_08"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_09"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_10"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_11"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_12"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_13"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_14"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_14"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_14"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_15"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_15"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_15"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_16"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_16"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_16"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_17"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_17"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_17"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_18"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_18"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_18"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_19"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_19"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_19"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_20"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_20"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_20"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_21"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_21"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_21"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_22"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_22"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_22"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_23"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_23"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_23"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_24"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_24"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_24"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_25"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_25"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_25"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_26"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_26"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_26"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_27"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_27"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_27"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_28"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_28"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_28"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_29"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_29"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_29"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_30"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_30"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_30"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_31"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_31"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_31"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_32"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_32"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_32"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_33"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_33"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_33"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_34"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_34"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_34"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_35"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_35"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_35"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_36"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_36"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_36"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_37"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_37"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_37"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_38"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_38"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_38"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_39"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_39"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_39"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_40"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_40"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_40"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_41"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_41"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_41"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_42"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_42"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_42"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_43"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_43"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_43"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_44"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_44"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_44"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_45"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_45"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0_45"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.7.0"
    .
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.0_02"
    .
    ------------------------ Andra processer som körs ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Sandboxie\SbieSvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    c:\windows\system32\conime.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    .
    **************************************************************************
    .
    Sluttid: 2014-01-27 20:30:41 - datorn startades om.
    ComboFix-quarantined-files.txt 2014-01-27 19:30
    ComboFix2.txt 2013-11-17 20:45
    ComboFix3.txt 2013-11-09 23:47
    .
    Före genomsökningen: 149 852 213 248 byte ledigt
    Efter genomsökningen: 149 938 532 352 byte ledigt
    .
    - - End Of File - - 30AAA344B56905191B115185ADCCD49B
    5C616939100B85E558DA92B899A0FC36
  15. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Broni;

    After reboot WinPatrol asked me if I would accept a file type change (association)
    regarding the Operating Systems of Windows. I don't know what to do.
    It is about rundll32.exe ieframe.dll, OpenURL % and the path I suspect!
    Shall I say YES? Guess it is a Combofix result!

    I want to send over a screenshot if you don't mind. I will await your reply!

    //Thanks
  16. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Broni,

    Screenshot too big to paste here. Have to upload as a file named
    "Filetype_associations_changerWinPatrol"
  17. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Broni,

    Have tried different formats to send my screen-shot but still file is too big.


  18. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    How about reading my instructions carefully?
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.

    As for WinPatrol say "Yes".

    Combofix log looks good.

    How is computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  19. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    I'm sorry Broni but I understood "**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue." (this Note 3) as a thing happening during the ComboFix scan, not after ComboFix was completed! Nevertheless I rebooted, but later. Sandboxie (with Firefox) starts again as "normal" but processor and disk usage are both very intensive at the beginning, making it impossible to get responses for a few minutes. Icons on the desktop are still disappearing irregularly but come back slowly. In Explorer the file icons always pop up one after another due to slow memory processes (I guess).

    Hidden files: A dmk-file is back. I have deleted this one a few times before on
    boot-up by WinPatrol. Have no idea about the validation of this file(found nothing):
    C:\Users\My nameAppDataLocal\temp\4d76aae0d9340b51e9000000.dmk
    I will delete this file at reboot on your confirmation!

    Mozilla Maintenance Service is "always" stopped! (as before). I guess it is an
    update-checker? Never seen it running in TM.

    Service APPMGMTS. File does not exist. Command svchost.exe APPMGMTS.DLL
    (An old problem but I guess the service is not required)
  20. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Sandboxie(Firefox) could not start: Error Code 1067(process suddenly aborted)
    2:nd try though. Guess it has to do with upstart-problems as told.

    # AdwCleaner v3.017 - Report created 28/01/2014 at 00:43:33
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Ägaren - ÄGAREN-DATOR
    # Running from : C:\Users\Ägaren\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\Toolbar Cleaner
    Folder Deleted : C:\Users\Ägaren\AppData\Local\eSupport.com
    Folder Deleted : C:\Users\Ägaren\AppData\LocalLow\adawaretb
    Folder Deleted : C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\cw0z022w.default\adawaretb
    Folder Deleted : C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\zmugow3t.default\adawaretb

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Key Deleted : HKLM\Software\adawaretb
    Key Deleted : HKLM\Software\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526


    -\\ Mozilla Firefox v26.0 (sv-SE)

    [ File : C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\zmugow3t.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [2138 octets] - [28/01/2014 00:42:30]
    AdwCleaner[S0].txt - [2101 octets] - [28/01/2014 00:43:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2161 octets] ##########
  21. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    Sorry about the delay. Had a shutdown in the middle of the JRT run. Sandboxie suddenly popped up before the shutdown. Could have been a shutdown due to overheating (fan problems still normal) but no message during reboot (like "unexpected shutdown"). Downloaded a new JRT before running.

    Adaware now gone as Toolbar (I don't think it was a bad program though).


    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Žgaren on 2014-01-28 at 1:23:07,40
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Žgaren\appdata\local\adawarebp"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\Žgaren\AppData\Roaming\mozilla\firefox\profiles\zmugow3t.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    Successfully deleted the following from C:\Users\Žgaren\AppData\Roaming\mozilla\firefox\profiles\zmugow3t.default\prefs.js

    user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
    Emptied folder: C:\Users\Žgaren\AppData\Roaming\mozilla\firefox\profiles\zmugow3t.default\minidumps [7 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2014-01-28 at 1:25:33,99
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  22. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    I don't think overheating shutdown gives you any warning message.
  23. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    OTL logfile created on: 2014-01-28 01:45:19 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ägaren\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
    2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,68% Memory free
    4,23 Gb Paging File | 3,62 Gb Available in Paging File | 85,76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 195,31 Gb Total Space | 139,77 Gb Free Space | 71,56% Space Free | Partition Type: NTFS
    Drive E: | 37,57 Gb Total Space | 37,48 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
    Computer Name: ÄGAREN-DATOR | User Name: Ägaren | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014-01-28 01:36:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ägaren\Desktop\OTL.exe
    PRC - [2013-12-10 06:01:04 | 000,455,744 | ---- | M] (BillP Studios) -- C:\Program\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2013-10-23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program\Microsoft Security Client\NisSrv.exe
    PRC - [2013-10-23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program\Microsoft Security Client\MsMpEng.exe
    PRC - [2013-10-23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Security Client\msseces.exe
    PRC - [2013-10-16 14:07:46 | 000,543,432 | ---- | M] (Sandboxie Holdings, LLC) -- C:\Program\Sandboxie\SbieCtrl.exe
    PRC - [2013-10-16 14:07:44 | 000,130,248 | ---- | M] (Sandboxie Holdings, LLC) -- C:\Program\Sandboxie\SbieSvc.exe
    PRC - [2013-09-27 19:46:26 | 000,559,696 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    PRC - [2009-04-10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008-01-21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnscfg.exe
    PRC - [2007-05-10 15:10:06 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007-02-12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007-02-12 12:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    ========== Modules (No Company Name) ==========
    MOD - [2013-07-15 18:29:04 | 000,620,718 | ---- | M] () -- C:\Program\BillP Studios\WinPatrol\sqlite3.dll
    ========== Services (SafeList) ==========
    SRV - File not found [Disabled | Stopped] -- C:\Windows\system32\nvvsvc.exe -- (nvsvc)
    SRV - [2013-12-05 20:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013-10-23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013-10-23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013-10-16 14:07:44 | 000,130,248 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2011-06-21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
    SRV - [2008-01-21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
    SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007-02-12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    ========== Driver Services (SafeList) ==========
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2014-01-27 01:34:22 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\TrueSight.sys -- (TrueSight)
    DRV - [2014-01-06 23:40:02 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nhcDriver.sys -- (nhcDriverDevice)
    DRV - [2013-10-16 14:07:40 | 000,159,840 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2013-09-27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010-06-23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009-10-26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2009-09-01 07:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009-02-05 17:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
    DRV - [2009-02-05 17:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
    DRV - [2009-02-05 17:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
    DRV - [2007-09-26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
    DRV - [2007-05-04 09:21:48 | 000,208,896 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
    DRV - [2007-01-08 11:38:30 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2005-05-25 09:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program\RMClock\RTCore32.sys -- (RTCore32)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    ========== FireFox ==========
    FF - prefs.js - File not found
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
    FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    [2013-11-14 12:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Extensions
    [2013-12-25 01:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\cw0z022w.default\extensions
    [2013-11-15 22:28:57 | 000,000,000 | ---D | M] (Widevine Media Optimizer) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\cw0z022w.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
    [2013-12-14 19:28:50 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\cw0z022w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2014-01-28 01:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\zmugow3t.default\extensions
    [2014-01-12 17:28:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\zmugow3t.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013-12-24 18:11:16 | 000,535,425 | ---- | M] () (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\firefox\profiles\cw0z022w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2014-01-26 15:54:53 | 000,536,213 | ---- | M] () (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\firefox\profiles\zmugow3t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013-12-29 16:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\browser\extensions
    [2013-12-29 16:06:57 | 000,000,000 | ---D | M] (Default) -- C:\Program\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    O1 HOSTS File: ([2014-01-27 20:26:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-21-2935924495-2357685730-2340671949-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
    O4 - HKU\S-1-5-21-2935924495-2357685730-2340671949-1000..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.255.245.11 193.150.193.150
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C28FB24-23FB-4DFF-9F5A-02C6CBD9B99D}: DhcpNameServer = 83.255.245.11 193.150.193.150
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    ========== Files/Folders - Created Within 30 Days ==========
    [2014-01-28 01:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\adawarebp
    [2014-01-28 01:37:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ägaren\Desktop\OTL.exe
    [2014-01-28 01:01:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014-01-28 00:42:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014-01-27 20:30:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014-01-27 20:30:44 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\temp
    [2014-01-27 20:26:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2014-01-27 20:19:54 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2014-01-27 02:02:21 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014-01-27 01:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\mbar
    [2014-01-26 17:08:50 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
    [2014-01-21 16:20:15 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2014-01-18 13:50:52 | 000,000,000 | R--D | C] -- C:\Sandbox
    [2014-01-18 02:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
    [2014-01-18 02:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
    [2014-01-15 12:03:00 | 000,000,000 | ---D | C] -- C:\Windows\Migration
    [2014-01-10 00:14:31 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ägaren\Desktop\aswMBR.exe
    [2014-01-09 23:26:31 | 001,065,947 | ---- | C] (Farbar) -- C:\Users\Ägaren\Desktop\FRST.exe
    [2014-01-09 23:03:55 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys.bak
    [2014-01-09 22:45:49 | 000,000,000 | ---D | C] -- C:\mbar
    [2014-01-09 21:42:40 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014-01-09 01:02:50 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Desktop\RK_Quarantine
    [2014-01-06 23:40:02 | 000,022,528 | ---- | C] (pBUS-167 Software - http://www.pbus-167.com) -- C:\Windows\System32\drivers\nhcDriver.sys
    [2014-01-06 23:39:57 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notebook Hardware Control
    [2014-01-06 23:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notebook Hardware Control
    [2014-01-06 23:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Notebook Hardware Control
    [2014-01-04 15:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
    [2013-12-31 13:25:56 | 000,000,000 | ---D | C] -- C:\getservices
    [2013-12-30 12:46:32 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
    [2013-12-30 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\AppData\Local\Adobe
    [2013-12-29 16:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2013-12-29 16:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013-12-29 15:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013-12-29 15:54:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013-12-29 15:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013-12-29 15:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility
    [2013-12-29 15:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\RMClock
    [2013-12-29 15:17:44 | 002,600,648 | ---- | C] (Sandboxie Holdings, LLC) -- C:\Users\Ägaren\Desktop\SandboxieInstall.exe
    [2013-12-29 15:17:19 | 010,284,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ägaren\Desktop\mbam-setup.exe
    [2013-12-29 15:16:44 | 009,452,704 | ---- | C] (SurfRight B.V.) -- C:\Users\Ägaren\Desktop\HitmanPro.exe
    [2013-12-29 15:13:25 | 011,469,030 | ---- | C] (SeriousBit ) -- C:\Users\Ägaren\Desktop\EnhanceMyVista3Setup.exe
    [2013-12-29 15:12:07 | 000,540,072 | ---- | C] (Neuber Software) -- C:\Users\Ägaren\Desktop\SvchostAnalyzer.exe
    [2013-12-29 15:09:06 | 002,248,504 | ---- | C] (Runscanner.net) -- C:\Users\Ägaren\Desktop\runscanner.exe
    [2006-11-01 13:07:06 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\RootkitRevealer.exe
    ========== Files - Modified Within 30 Days ==========
    [2014-01-28 01:42:02 | 000,004,576 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014-01-28 01:42:02 | 000,004,576 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014-01-28 01:41:59 | 000,001,356 | ---- | M] () -- C:\Users\Ägaren\AppData\Local\d3d9caps.dat
    [2014-01-28 01:41:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014-01-28 01:41:53 | 2145,820,672 | -HS- | M] () -- C:\hiberfil.sys
    [2014-01-28 01:36:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ägaren\Desktop\OTL.exe
    [2014-01-27 22:23:53 | 000,200,288 | ---- | M] () -- C:\Users\Ägaren\Documents\Filetype_associations_changerWinPatrol.pdf
    [2014-01-27 22:20:01 | 000,885,691 | ---- | M] () -- C:\Users\Ägaren\Documents\Filetype_associations_changerWinPatrol.odt
    [2014-01-27 21:42:07 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
    [2014-01-27 20:26:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014-01-27 02:02:21 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014-01-27 01:59:51 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014-01-27 01:34:22 | 000,026,624 | ---- | M] () -- C:\Windows\System32\TrueSight.sys
    [2014-01-24 11:58:37 | 000,631,342 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
    [2014-01-24 11:58:37 | 000,629,660 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014-01-24 11:58:37 | 000,134,628 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
    [2014-01-24 11:58:37 | 000,115,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014-01-22 22:32:05 | 000,202,153 | ---- | M] () -- C:\Users\Ägaren\Desktop\ProSharesFactSheetYXI.pdf
    [2014-01-22 12:44:33 | 000,000,036 | ---- | M] () -- C:\Users\Ägaren\AppData\Roaming\mbam.context.scan
    [2014-01-19 23:15:10 | 000,018,322 | ---- | M] () -- C:\Users\Ägaren\Documents\cc_20140119_231442_efterSFC_reparation.reg
    [2014-01-19 14:38:28 | 000,001,364 | ---- | M] () -- C:\Windows\Sandboxie.ini
    [2014-01-18 02:41:05 | 000,000,860 | ---- | M] () -- C:\Users\Ägaren\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandlådad Webbläsare.lnk
    [2014-01-16 00:30:25 | 098,906,072 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014-01-10 00:30:49 | 000,000,512 | ---- | M] () -- C:\Users\Ägaren\Desktop\MBR.dat
    [2014-01-10 00:14:33 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ägaren\Desktop\aswMBR.exe
    [2014-01-09 23:42:30 | 000,000,114 | ---- | M] () -- C:\local.conf
    [2014-01-09 23:26:32 | 001,065,947 | ---- | M] (Farbar) -- C:\Users\Ägaren\Desktop\FRST.exe
    [2014-01-09 23:03:55 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys.bak
    [2014-01-08 02:03:45 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files\RootkitRevealer.exe
    [2014-01-08 02:03:40 | 000,102,160 | ---- | M] () -- C:\Program Files\RootkitRevealer.chm
    [2014-01-07 23:37:33 | 002,799,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Ägaren\Desktop\procexp.exe
    [2014-01-07 23:34:46 | 000,300,832 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Ägaren\Desktop\Tcpview.exe
    [2014-01-06 23:40:02 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\Windows\System32\drivers\nhcDriver.sys
    [2014-01-04 15:58:15 | 000,001,925 | ---- | M] () -- C:\Users\Ägaren\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2014-01-04 15:58:15 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
    [2013-12-30 13:26:08 | 000,256,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013-12-29 16:07:11 | 000,000,870 | ---- | M] () -- C:\Users\Ägaren\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013-12-29 16:07:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013-12-29 15:54:23 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013-12-29 15:40:38 | 000,000,844 | ---- | M] () -- C:\Users\Ägaren\Desktop\RightMark CPU Clock Utility.lnk
    ========== Files Created - No Company Name ==========
    [2014-01-27 22:23:47 | 000,200,288 | ---- | C] () -- C:\Users\Ägaren\Documents\Filetype_associations_changerWinPatrol.pdf
    [2014-01-27 22:19:50 | 000,885,691 | ---- | C] () -- C:\Users\Ägaren\Documents\Filetype_associations_changerWinPatrol.odt
    [2014-01-27 21:42:07 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2014-01-27 00:45:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\TrueSight.sys
    [2014-01-22 22:32:25 | 000,202,153 | ---- | C] () -- C:\Users\Ägaren\Desktop\ProSharesFactSheetYXI.pdf
    [2014-01-22 12:44:33 | 000,000,036 | ---- | C] () -- C:\Users\Ägaren\AppData\Roaming\mbam.context.scan
    [2014-01-22 02:31:28 | 2145,820,672 | -HS- | C] () -- C:\hiberfil.sys
    [2014-01-19 23:15:06 | 000,018,322 | ---- | C] () -- C:\Users\Ägaren\Documents\cc_20140119_231442_efterSFC_reparation.reg
    [2014-01-18 02:42:47 | 000,000,860 | ---- | C] () -- C:\Users\Ägaren\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandlådad Webbläsare.lnk
    [2014-01-18 02:42:45 | 000,001,364 | ---- | C] () -- C:\Windows\Sandboxie.ini
    [2014-01-16 00:28:45 | 098,906,072 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014-01-10 00:30:49 | 000,000,512 | ---- | C] () -- C:\Users\Ägaren\Desktop\MBR.dat
    [2014-01-09 23:42:30 | 000,000,114 | ---- | C] () -- C:\local.conf
    [2014-01-04 15:58:15 | 000,001,925 | ---- | C] () -- C:\Users\Ägaren\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2014-01-04 15:58:15 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
    [2014-01-04 15:58:15 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
    [2013-12-29 16:07:10 | 000,000,870 | ---- | C] () -- C:\Users\Ägaren\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013-12-29 16:07:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013-12-29 16:07:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013-12-29 15:54:23 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013-12-29 15:39:40 | 000,000,844 | ---- | C] () -- C:\Users\Ägaren\Desktop\RightMark CPU Clock Utility.lnk
    [2013-12-29 15:18:10 | 003,197,352 | ---- | C] () -- C:\Users\Ägaren\Desktop\advisorinstaller.exe
    [2013-12-29 15:14:25 | 002,804,572 | ---- | C] () -- C:\Users\Ägaren\Desktop\tweaking.com_windows_repair_aio.zip
    [2013-11-12 16:55:48 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ÄGAREN-DATOR-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
    [2013-11-12 00:57:15 | 000,000,015 | ---- | C] () -- C:\Windows\System32\settings.dat
    [2013-11-10 00:40:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013-11-10 00:40:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013-11-10 00:40:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013-11-10 00:40:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013-11-10 00:40:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013-10-26 18:44:53 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2013-10-26 18:44:52 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2013-10-22 19:50:35 | 000,003,584 | ---- | C] () -- C:\Users\Ägaren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013-10-22 19:38:51 | 000,000,552 | ---- | C] () -- C:\Users\Ägaren\AppData\Local\d3d8caps.dat
    [2013-10-21 15:55:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2013-10-21 15:55:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2013-10-21 13:21:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2013-10-21 11:58:51 | 000,001,356 | ---- | C] () -- C:\Users\Ägaren\AppData\Local\d3d9caps.dat
    [2013-09-20 14:31:58 | 121,042,008 | ---- | C] () -- C:\Program Files\openoffice1.cab
    [2013-09-20 14:30:28 | 002,260,992 | ---- | C] () -- C:\Program Files\openoffice401.msi
    [2013-09-20 14:30:28 | 000,000,279 | ---- | C] () -- C:\Program Files\setup.ini
    [2005-12-07 14:19:40 | 000,102,160 | ---- | C] () -- C:\Program Files\RootkitRevealer.chm
    ========== ZeroAccess Check ==========
    [2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    ========== LOP Check ==========
    [2013-11-12 13:37:14 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Curiolab
    [2013-11-10 06:13:10 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Downloaded Installations
    [2014-01-13 02:25:21 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Nitro PDF
    [2013-11-10 13:51:24 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\OpenOffice
    [2013-11-10 05:00:14 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\QuickScan
    [2013-12-30 00:30:32 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Runscanner.net
    [2013-12-29 00:25:26 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\WinPatrol
    ========== Purity Check ==========

    < End of report >
  24. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    No warning before shutdown, but when rebooting I get a message about "unexpected shutdown detected" (but not always!!). I guess some kind of restoring is prepared in these cases etc.

    OTL Extras logfile created on: 2014-01-28 01:45:19 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ägaren\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
    2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,68% Memory free
    4,23 Gb Paging File | 3,62 Gb Available in Paging File | 85,76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 195,31 Gb Total Space | 139,77 Gb Free Space | 71,56% Space Free | Partition Type: NTFS
    Drive E: | 37,57 Gb Total Space | 37,48 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
    Computer Name: ÄGAREN-DATOR | User Name: Ägaren | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Extra Registry (SafeList) ==========
    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    [HKEY_USERS\S-1-5-21-2935924495-2357685730-2340671949-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    ========== Shell Spawning ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    ========== Security Center Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
    ========== System Restore Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
    ========== Firewall Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0
    ========== Authorized Applications List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    ========== Vista Active Open Ports Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    ========== Vista Active Application Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12A97C55-F7DD-45DA-832C-2519252D06AC}" = protocol=17 | dir=in | app=c:\program files\lavasoft\adaware securesearch toolbar\dtuser.exe |
    "{BC59F011-E62D-43BB-BC8B-564C0B2A5050}" = protocol=6 | dir=in | app=c:\program files\lavasoft\adaware securesearch toolbar\dtuser.exe |
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{46BCB691-9148-4FCB-B215-CCDF70B5D95A}" = OpenOffice 4.0.1
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{7D7152AF-581B-316F-8CA4-15342C3EFA4B}" = Microsoft .NET Framework 3.5 Language Pack SP1 - sve
    "{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{88BF0782-7316-34EA-AEBE-3A8757B656DA}" = Microsoft .NET Framework 4.5.1 (SVE)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053" = Microsoft .NET Framework 4.5.1 (svenska)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Belarc Advisor" = Belarc Advisor 8.4
    "CCleaner" = CCleaner
    "Exterminate It!" = Exterminate It!
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 Language Pack SP1 - sve" = Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 26.0 (x86 sv-SE)" = Mozilla Firefox 26.0 (x86 sv-SE)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NirSoft BlueScreenView" = NirSoft BlueScreenView
    "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
    "NVIDIA Drivers" = NVIDIA Drivers
    "Revo Uninstaller" = Revo Uninstaller 1.95
    "Sandboxie" = Sandboxie 4.06 (32-bit)
    "SMSERIAL" = Motorola SM56 Speakerphone Modem
    ========== Last 20 Event Log Errors ==========
    [ System Events ]
    Error - 2014-01-27 20:42:08 | Computer Name = Ägaren-dator | Source = DCOM | ID = 10001
    Description =
    Error - 2014-01-27 20:43:37 | Computer Name = Ägaren-dator | Source = Service Control Manager | ID = 7000
    Description =
    Error - 2014-01-27 20:43:37 | Computer Name = Ägaren-dator | Source = Service Control Manager | ID = 7001
    Description =
    Error - 2014-01-27 20:43:37 | Computer Name = Ägaren-dator | Source = Service Control Manager | ID = 7001
    Description =
    < End of report >
  25. rogerthat69

    rogerthat69 Newcomer, in training Topic Starter Posts: 47

    OTL awaits your instructions about cleanup. Some strange things occurred while downloading JRT from within Sandboxie. Icons of MS SEC Essential and WinPatrol both disappeared from bottom right desktop (active programs). But so far as I could see in TaskMgr, all programs were still running.

    And when downloading OTL, but after closing Firefox (Sandboxie), only MS SEC Ess. disappeared. By the way, MS Sec Client program MSMpEng.exe cannot be killed in TaskMgr. Access denied (Adm Rights)!!

